Update & Refactor

Piotr Biernat 2024-12-24 14:29:04 +01:00
parent a856f24132
commit 6848b55101
14 changed files with 202 additions and 36 deletions


@ -8,13 +8,16 @@ down:
- docker stack rm egommerce - docker stack rm egommerce
k8s-up: k8s-up:
- sh ${DEPLOY_DIR}/scripts/start-k8s.sh - sh ${DEPLOY_DIR}/start-k8s.sh
k8s-down: k8s-down:
- kubectl... TODO :D - kubectl delete -f deploy/k8s/stack.yml
# GENERATING CERTS # GENERATING CERTS
certs: certs:
- bash ${DEPLOY_DIR}/scripts/gen-certs.sh - bash ${DEPLOY_DIR}/scripts/gen-certs.sh
volumes-restart:
- docker stack rm egommerce
- docker volume prune -af
- sh ${DEPLOY_DIR}/start-stack.sh
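Review bot: `docker volume prune -af` in the new `volumes-restart` target is not scoped to this stack: with `-a` it deletes every unused volume on the host, including named volumes that belong to other projects. Limit it to the stack's own volumes, for example `docker volume prune -af --filter label=com.docker.stack.namespace=egommerce` (assuming the volumes are created by the stack deploy and carry that label), or remove them by name. `docker stack rm` may also return before the stack's containers are gone, so the prune can run while the volumes still count as in use; wait for the stack to disappear before pruning.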


@ -0,0 +1,6 @@
API_GATEWAY_ADDR=gw.service.ego.io
API_GATEWAY_PORT=443
# API_REGISTRY_ADDR=registry.service.ego.io
API_REGISTRY_ADDR=api-registry
API_REGISTRY_PORT=8501


@ -1,4 +1,6 @@
API_GATEWAY_PORT=48443 API_GATEWAY_ADDR=gw.service.ego.io
API_GATEWAY_UI_PORT=48444 API_GATEWAY_PORT=443
API_REGISTRY_UI_PORT=48445
API_EVENTBUS_UI_PORT=48446 # API_REGISTRY_ADDR=registry.service.ego.io
#API_REGISTRY_ADDR=api-registry
API_REGISTRY_PORT=8501
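Review bot: Both `API_REGISTRY_ADDR` lines are commented out in this file while `API_REGISTRY_PORT=8501` is set, so the registry address appears to have no value in this environment. Unless the consumers have a built-in default (not visible here), they will resolve an empty host or fall back to something unintended. Leave exactly one `API_REGISTRY_ADDR=` line active, as the sibling env file added in this commit does with `API_REGISTRY_ADDR=api-registry`.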


@ -1,7 +1,7 @@
CREATE TABLE IF NOT EXISTS basket.basket CREATE TABLE IF NOT EXISTS basket.basket
( (
id uuid NOT NULL DEFAULT gen_random_uuid(), id uuid NOT NULL DEFAULT gen_random_uuid(),
state character varying NOT NULL DEFAULT 'new', "state" character varying NOT NULL DEFAULT 'new',
created_at timestamp without time zone NOT NULL DEFAULT now(), created_at timestamp without time zone NOT NULL DEFAULT now(),
updated_at timestamp without time zone, updated_at timestamp without time zone,
PRIMARY KEY (id) PRIMARY KEY (id)
@ -13,7 +13,7 @@ CREATE TABLE IF NOT EXISTS basket.basket_item
basket_id uuid NOT NULL, basket_id uuid NOT NULL,
product_id integer NOT NULL, product_id integer NOT NULL,
quantity integer NOT NULL DEFAULT 1, quantity integer NOT NULL DEFAULT 1,
price double precision NOT NULL DEFAULT 0.00; price double precision NOT NULL DEFAULT 0.00,
created_at timestamp without time zone NOT NULL DEFAULT now(), created_at timestamp without time zone NOT NULL DEFAULT now(),
updated_at timestamp without time zone, updated_at timestamp without time zone,
PRIMARY KEY (id) PRIMARY KEY (id)
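Review bot: `price` stays `double precision` on the line this hunk repairs; binary floating point cannot represent most decimal amounts exactly, so basket and order totals can drift by rounding. Prefer an exact type, e.g. `price numeric(12,2) NOT NULL DEFAULT 0.00,`, and apply the same to `"ordering".order_item.price` and `catalog.product.price` in the later sections. The fix is made by editing an existing migration while the two separate price add/drop migrations are deleted, so a database that already ran the old files will presumably not pick the change up without a new migration. The `basket_item` definition starts and ends outside the hunk.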


@ -1,2 +0,0 @@
ALTER TABLE IF EXISTS basket.basket_item
DROP COLUMN price;


@ -1,2 +0,0 @@
ALTER TABLE IF EXISTS basket.basket_item
ADD COLUMN price double precision NOT NULL DEFAULT 0.00;


@ -1,8 +1,8 @@
CREATE TABLE catalog.product CREATE TABLE catalog.product
( (
id integer NOT NULL GENERATED ALWAYS AS IDENTITY, id integer NOT NULL GENERATED ALWAYS AS IDENTITY,
pid character varying NOT NULL, pid uuid NOT NULL DEFAULT gen_random_uuid(),
name character varying NOT NULL, "name" character varying NOT NULL,
price double precision NOT NULL, price double precision NOT NULL,
created_at timestamp without time zone NOT NULL DEFAULT now(), created_at timestamp without time zone NOT NULL DEFAULT now(),
updated_at timestamp without time zone, updated_at timestamp without time zone,


@ -1,3 +1,6 @@
CREATE USER egommerce; CREATE USER egommerce;
CREATE DATABASE egommerce; CREATE DATABASE egommerce;
GRANT ALL PRIVILEGES ON DATABASE egommerce TO egommerce; GRANT ALL PRIVILEGES ON DATABASE egommerce TO egommerce;
CREATE EXTENSION IF NOT EXISTS "pgcrypto";
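Review bot: `CREATE EXTENSION IF NOT EXISTS "pgcrypto";` installs the extension into whichever database the script is connected to, which after `CREATE DATABASE egommerce;` is still the bootstrap database unless a reconnect happens that is not visible here. Extensions are per-database, so the `gen_random_uuid()` defaults in the basket, catalog and ordering tables would not get the function from this line on PostgreSQL versions older than 13 (13 and later ship it in core). If the script is run through psql, add `\connect egommerce` before the `CREATE EXTENSION` line, or create the extension in the first migration that runs inside the `egommerce` database.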


@ -1,2 +1,2 @@
DROP TABLE IF EXISTS ordering.order_item; DROP TABLE IF EXISTS "ordering".order_item;
DROP TABLE IF EXISTS ordering."order"; DROP TABLE IF EXISTS "ordering"."order";


@ -1,25 +1,25 @@
CREATE TABLE IF NOT EXISTS ordering."order" CREATE TABLE IF NOT EXISTS "ordering"."order"
( (
id uuid NOT NULL DEFAULT gen_random_uuid(), id uuid NOT NULL DEFAULT gen_random_uuid(),
state character varying NOT NULL DEFAULT 'new', "state" character varying NOT NULL DEFAULT 'new',
created_at timestamp without time zone NOT NULL DEFAULT now(), created_at timestamp without time zone NOT NULL DEFAULT now(),
updated_at timestamp without time zone, updated_at timestamp without time zone,
PRIMARY KEY (id) PRIMARY KEY (id)
); );
CREATE TABLE IF NOT EXISTS ordering.order_item CREATE TABLE IF NOT EXISTS "ordering".order_item
( (
id uuid NOT NULL DEFAULT gen_random_uuid(), id uuid NOT NULL DEFAULT gen_random_uuid(),
order_id uuid NOT NULL, order_id uuid NOT NULL,
product_id integer NOT NULL, product_id integer NOT NULL,
quantity integer NOT NULL DEFAULT 1, quantity integer NOT NULL DEFAULT 1,
price double precision NOT NULL DEFAULT 0.00; price double precision NOT NULL DEFAULT 0.00,
created_at timestamp without time zone NOT NULL DEFAULT now(), created_at timestamp without time zone NOT NULL DEFAULT now(),
updated_at timestamp without time zone, updated_at timestamp without time zone,
PRIMARY KEY (id) PRIMARY KEY (id)
); );
ALTER TABLE IF EXISTS ordering.order_item ALTER TABLE IF EXISTS "ordering".order_item
ADD CONSTRAINT order_item_order_fkey FOREIGN KEY (order_id) ADD CONSTRAINT order_item_order_fkey FOREIGN KEY (order_id)
REFERENCES "ordering"."order" (id) MATCH SIMPLE REFERENCES "ordering"."order" (id) MATCH SIMPLE
ON UPDATE NO ACTION ON UPDATE NO ACTION


@ -16,10 +16,10 @@ upstream egommerce-api-eventbus-mngmt {
server { server {
listen 443 ssl; listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/admin.egommerce.pbiernat.dev/fullchain.pem; ssl_certificate /etc/letsencrypt/live/admin.egommerce.pbiernat.io/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/admin.egommerce.pbiernat.dev/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/admin.egommerce.pbiernat.io/privkey.pem;
server_name admin.egommerce.pbiernat.dev; server_name admin.egommerce.pbiernat.io;
# Traefik redirects # Traefik redirects
location /dashboard { location /dashboard {
@ -91,16 +91,16 @@ server {
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
} }
error_log /var/log/nginx/admin-egommerce.pbiernat.dev-error.log; error_log /var/log/nginx/admin-egommerce.pbiernat.io-error.log;
access_log /var/log/nginx/admin-egommerce.pbiernat.dev-access.log combined; access_log /var/log/nginx/admin-egommerce.pbiernat.io-access.log combined;
} }
#server { #server {
# listen 443 ssl; # listen 443 ssl;
# ssl_certificate /etc/letsencrypt/live/egommerce.pbiernat.dev/fullchain.pem; # ssl_certificate /etc/letsencrypt/live/egommerce.pbiernat.io/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/egommerce.pbiernat.dev/privkey.pem; # ssl_certificate_key /etc/letsencrypt/live/egommerce.pbiernat.io/privkey.pem;
# #
# server_name egommerce.pbiernat.dev; # server_name egommerce.pbiernat.io;
# #
# # Pass all requests to the API Gateway # # Pass all requests to the API Gateway
# location / { # location / {
@ -114,7 +114,7 @@ server {
# client_max_body_size 0; # client_max_body_size 0;
# } # }
# #
# error_log /var/log/nginx/egommerce.pbiernat.dev-error.log; # error_log /var/log/nginx/egommerce.pbiernat.io-error.log;
# access_log /var/log/nginx/egommerce.pbiernat.dev-access.log combined; # access_log /var/log/nginx/egommerce.pbiernat.io-access.log combined;
#} #}


@ -16,8 +16,8 @@ upstream egommerce-api-eventbus-mngmt {
server { server {
listen 443 ssl; listen 443 ssl;
ssl_certificate /home/keedosn/workspace/golang/src/git.ego.cloudns.be/egommerce/stack/deploy/certs/api-gateway/localhost.cert; ssl_certificate /home/keedosn/workspace/golang/src/git.pbiernat.io/egommerce/stack/deploy/certs/api-gateway/localhost.cert;
ssl_certificate_key /home/keedosn/workspace/golang/src/git.ego.cloudns.be/egommerce/stack/deploy/certs/api-gateway/localhost.key; ssl_certificate_key /home/keedosn/workspace/golang/src/git.pbiernat.io/egommerce/stack/deploy/certs/api-gateway/localhost.key;
server_name egommerce.local; server_name egommerce.local;


@ -47,7 +47,7 @@ scrape_configs:
# - job_name: consul # - job_name: consul
# consul_sd_configs: # consul_sd_configs:
# - server: api-registry:8500 # - server: api-registry:8501
# services: # services:
# - consul # - consul
# - basket-server # - basket-server
@ -59,7 +59,7 @@ scrape_configs:
# - job_name: rabbitmq # - job_name: rabbitmq
# consul_sd_configs: # consul_sd_configs:
# - server: api-registry:8500 # - server: api-registry:8501
# services: # services:
# - api-eventbus # - api-eventbus
# relabel_configs: # relabel_configs:

156
deploy/make-cert.sh Executable file

@ -0,0 +1,156 @@
#!/bin/bash
cd deploy/certs
mkdir -p ca
mkdir -p api-gateway api-registry api-gateway api-eventbus api-vault
mkdir -p basket-svc catalog-svc identity-svc order-svc pricing-svc
# # Generate ROOT Key
# openssl genrsa -out ca/internalCA.key 4096
# # Generate ROOT Cert
# openssl req -x509 -new -nodes -key ca/internalCA.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io CA/CN=egommerce.io" \
# -sha256 -days 3650 -out ca/internalCA.crt
# # MANAGING SERVICES
# # Generate Key for API-REGISTRY
# openssl genrsa -out api-registry/registry.key 2048
# # Generate Cert for API-REGISTRY
openssl req -new -sha256 -key api-registry/registry.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=api-registry" \
-out api-registry/registry.internal.csr
openssl req -new -sha256 -key api-registry/registry.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=api-registry" \
-out api-registry/registry.local.csr
openssl x509 -req -in api-registry/registry.internal.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
-extensions SAN \
-extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:api-registry,DNS:consul.service.ego.io,DNS:consul.service.dc.ego.io,IP:127.0.0.1')) \
-out api-registry/registry.internal.crt -days 365 -sha256
openssl x509 -req -in api-registry/registry.local.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
-extensions SAN \
-extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:api-registry,DNS:registry.egommerce.local,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \
-out api-registry/registry.local.crt -days 365 -sha256
# # Generate Key for API-GATEWAY
# openssl genrsa -out api-gateway/gateway.key 2048
# # Generate Cert for API-GATEWAY
openssl req -new -sha256 -key api-gateway/gateway.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=api-gateway" \
-out api-gateway/gateway.internal.csr
openssl req -new -sha256 -key api-gateway/gateway.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=api-gateway" \
-out api-gateway/gateway.local.csr
openssl x509 -req -in api-gateway/gateway.internal.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
-extensions SAN \
-extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:api-gateway,DNS:gateway.service.ego.io,DNS:gateway.service.dc.ego.io,IP:127.0.0.1')) \
-out api-gateway/gateway.internal.crt -days 365 -sha256
openssl x509 -req -in api-gateway/gateway.local.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
-extensions SAN \
-extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:api-gateway,DNS:gateway.egommerce.local,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \
-out api-gateway/gateway.local.crt -days 365 -sha256
# Generate Key for API-VAULT
# openssl genrsa -out api-vault/vault.key 2048
# Generate Cert for API-VAULT
openssl req -new -sha256 -key api-vault/vault.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=api-vault" \
-out api-vault/vault.internal.csr
openssl req -new -sha256 -key api-vault/vault.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=api-vault" \
-out api-vault/vault.local.csr
openssl x509 -req -in api-vault/vault.internal.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
-extensions SAN \
-extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:api-vault,DNS:vault.service.ego.io,DNS:localhost,IP:127.0.0.1')) \
-out api-vault/vault.internal.crt -days 365 -sha256
openssl x509 -req -in api-vault/vault.local.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
-extensions SAN \
-extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:api-vault,DNS:vault.egommerce.local,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \
-out api-vault/vault.local.crt -days 365 -sha256
# Generate Key for API-EVENTBUS
# openssl genrsa -out api-eventbus/eventbus.key 2048
# Generate Cert for API-EVENTBUS
openssl req -new -sha256 -key api-eventbus/eventbus.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=api-eventbus" \
-out api-eventbus/eventbus.internal.csr
openssl req -new -sha256 -key api-eventbus/eventbus.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=api-eventbus" \
-out api-eventbus/eventbus.local.csr
openssl x509 -req -in api-eventbus/eventbus.internal.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
-extensions SAN \
-extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:api-eventbus,DNS:esb.service.ego.io,DNS:localhost,IP:127.0.0.1')) \
-out api-eventbus/eventbus.internal.crt -days 365 -sha256
openssl x509 -req -in api-eventbus/eventbus.local.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
-extensions SAN \
-extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:api-eventbus,DNS:eventbus.egommerce.local,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \
-out api-eventbus/eventbus.local.crt -days 365 -sha256
# API MICROSERVICES
# Generate Key for domain (service) - BASKET-SVC
# openssl genrsa -out basket-svc/basket-svc.key 2048
# Generate Cert for domain (service) - BASKET-SVC
openssl req -new -sha256 -key basket-svc/basket-svc.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=basket-svc" \
-out basket-svc/basket-svc.csr
openssl x509 -req -in basket-svc/basket-svc.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
-extensions SAN \
-extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:basket-svc,DNS:basket.service.ego.io,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \
-out basket-svc/basket-svc.crt -days 365 -sha256
# Generate Key for domain (service) - CATALOG-SVC
# openssl genrsa -out catalog-svc/catalog-svc.key 2048
# Generate Cert for domain (service) - CATALOG-SVC
openssl req -new -sha256 -key catalog-svc/catalog-svc.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=catalog-svc" \
-out catalog-svc/catalog-svc.csr
openssl x509 -req -in catalog-svc/catalog-svc.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
-extensions SAN \
-extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:catalog-svc,DNS:catalog.service.ego.io,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \
-out catalog-svc/catalog-svc.crt -days 365 -sha256
# Generate Key for domain (service) - IDENTITY-SVC
# openssl genrsa -out identity-svc/identity-svc.key 2048
# Generate Cert for domain (service) - IDENTITY-SVC
openssl req -new -sha256 -key identity-svc/identity-svc.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=identity-svc" \
-out identity-svc/identity-svc.csr
openssl x509 -req -in identity-svc/identity-svc.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
-extensions SAN \
-extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:identity-svc,DNS:identity.service.ego.io,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \
-out identity-svc/identity-svc.crt -days 365 -sha256
# Generate Key for domain (service) - ORDER-SVC
# openssl genrsa -out order-svc/order-svc.key 2048
# Generate Cert for domain (service) - ORDER-SVC
openssl req -new -sha256 -key order-svc/order-svc.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=order-svc" \
-out order-svc/order-svc.csr
openssl x509 -req -in order-svc/order-svc.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
-extensions SAN \
-extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:order-svc,DNS:order.service.ego.io,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \
-out order-svc/order-svc.crt -days 365 -sha256
# Generate Key for domain (service) - PRICING-SVC
# openssl genrsa -out pricing-svc/pricing-svc.key 2048
# Generate Cert for domain (service) - PRICING-SVC
openssl req -new -sha256 -key pricing-svc/pricing-svc.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=pricing-svc" \
-out pricing-svc/pricing-svc.csr
openssl x509 -req -in pricing-svc/pricing-svc.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
-extensions SAN \
-extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:pricing-svc,DNS:pricing.service.ego.io,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \
-out pricing-svc/pricing-svc.crt -days 365 -sha256
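Review bot: The script has no error handling: `cd deploy/certs` is unchecked and there is no `set -euo pipefail`, so when it is started from the wrong directory the `mkdir -p` calls and every `openssl` output land in the caller's working directory, and a failed signing step does not stop the run. All `openssl genrsa` lines are commented out, so each `openssl req -key …` depends on a key that must already exist, and the internal and local certificates of a service share one key. The signing steps read `ca/internalCA.key` with no `-passin`, so the CA key is apparently unencrypted inside the repository tree; confirm `deploy/certs` is excluded from version control. The thirteen near-identical req/x509 pairs would be easier to audit as one helper, sketched below, which also marks leaf certificates `CA:FALSE`.

```bash
#!/bin/bash
set -euo pipefail
# Resolve the certs directory from the script location so a wrong cwd fails loudly.
cd "$(dirname "$0")/certs"

# issue_cert DIR KEY OUT CN SAN — create the key if missing, then sign one leaf cert with the internal CA.
issue_cert() {
  local dir=$1 key=$2 out=$3 cn=$4 san=$5
  [ -f "$dir/$key.key" ] || openssl genrsa -out "$dir/$key.key" 2048
  openssl req -new -sha256 -key "$dir/$key.key" \
    -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=$cn" \
    -out "$dir/$out.csr"
  openssl x509 -req -in "$dir/$out.csr" \
    -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
    -extensions SAN \
    -extfile <(printf '[SAN]\nbasicConstraints=CA:FALSE\nsubjectAltName=%s\n' "$san") \
    -out "$dir/$out.crt" -days 365 -sha256
}

issue_cert api-registry registry registry.internal api-registry \
  'DNS:api-registry,DNS:consul.service.ego.io,DNS:consul.service.dc.ego.io,IP:127.0.0.1'
# … unchanged: one issue_cert call per remaining certificate, SAN lists as in the original …
```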